diff --git a/functions/_middleware.ts b/functions/_middleware.ts
index 5f76ac0..2c10149 100644
--- a/functions/_middleware.ts
+++ b/functions/_middleware.ts
@@ -78,6 +78,8 @@ async function setBody(context: RequestContext) {
 }
 
 async function setHeaders(context: RequestContext) {
+  const nonce = crypto.randomUUID().replace(/-/g, "");
+  context.data.nonce = nonce;
   const response = await context.next();
 
   const rtvValues = [
@@ -110,11 +112,13 @@ async function setHeaders(context: RequestContext) {
     ],
     "media-src": ["https://mediaproxy.carcrushers.cc"],
     "script-src": ["https://challenges.cloudflare.com", "'self'"],
+    "style-src": [`nonce-${nonce}`, "'self'"],
   };
 
   const directives = [];
 
-  for (const [k, v] of Object.entries(policies)) directives.push(`${k} ${v}`);
+  for (const [k, v] of Object.entries(policies))
+    directives.push(`${k} ${v.join(" ")}`);
 
   response.headers.set("Content-Security-Policy", directives.join("; "));